I don't see how passing a sanitized URL to the wp_nonce_url function hurts anything.

The issue I'm trying to raise here is that the results of the built-in *_url() functions should be safe to use in attributes without additional escaping.

Every plugin and theme I can think of offhand already treats the functions this way, and the WP admin code did as well prior to 3.0. Rather than requiring all plugins and themes to add additional wrapper functions, I think that the wrapper functions added in wp-admin in 3.0 should be removed and the output of the *_url() functions should be made safe to use without them.

esc_url() is used to escape URLs so they are safe for outputting into HTML. Applying esc_url() to functions such as site_url() and admin_url() means that everything not in the context of HTML will get a URL with encoded ampersands, which is not desirable at best, and breaks things at worst.

Consider this:

wp_redirect( admin_url( 'tools.php?page=foo' ) );

This is a common pattern not only in plugins but in core, too. Adding esc_url() to admin_url() breaks this piece of code.

Even if a $context parameter were added to site_url(), admin_url(), etc. in order to control the context passed to esc_url() (which is a terrible design pattern in itself), the context would have to default to something other than display for backwards compatibility, which mostly negates the point of adding esc_url() to these functions in the first place.
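The following is an added example, not code from the ticket or from WordPress core, to show concretely why an HTML-escaped URL is wrong outside an HTML context. Outside WordPress, admin_url() and esc_url() are not available, so the script defines small stand-ins (demo_admin_url, demo_escape_for_html, demo_escape_raw) that reproduce only the ampersand behaviour discussed above; the host name example.test is a placeholder. The query-string parsing models what the receiving request sees after a redirect.

```php
<?php
// Added example (not from the ticket). The helpers below are stand-ins for
// WordPress functions and model only the ampersand handling at issue.

// Stand-in for the "display" (HTML attribute) context: & becomes &amp;.
function demo_escape_for_html(string $url): string
{
    return str_replace('&', '&amp;', $url);
}

// Stand-in for a raw context (redirect header, database, API call):
// the URL must stay exactly as built.
function demo_escape_raw(string $url): string
{
    return $url;
}

// Hypothetical replacement for admin_url() so the script runs outside WordPress.
function demo_admin_url(string $path): string
{
    return 'https://example.test/wp-admin/' . $path;
}

// Parse the query string the way the request handler at the other end of a
// redirect would, returning the query parameters as an array.
function demo_parse_query(string $url): array
{
    $query = parse_url($url, PHP_URL_QUERY);
    parse_str($query ?? '', $params);
    return $params;
}

$url = demo_admin_url('tools.php?page=foo&tab=settings');

// HTML context: the escaped form is the right one inside an href attribute.
echo '<a href="' . demo_escape_for_html($url) . '">Settings</a>', PHP_EOL;

// Redirect context: the raw URL keeps both query keys intact.
print_r(demo_parse_query(demo_escape_raw($url)));

// The failure mode: feeding the HTML-escaped form to a redirect. The second
// parameter is no longer named "tab"; its key now carries the "amp;" prefix.
print_r(demo_parse_query(demo_escape_for_html($url)));
```

Running this prints the parameters ['page' => 'foo', 'tab' => 'settings'] for the raw URL and ['page' => 'foo', 'amp;tab' => 'settings'] for the HTML-escaped one, which is the breakage the comment describes for the wp_redirect( admin_url( ... ) ) pattern. In real WordPress code the distinction is made at the call site: esc_url() for output into HTML, and esc_url_raw() for redirects, database storage and other non-HTML uses.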